DevSecOps Engineer (Azure Kubernetes)

NCS is a leading technology services firm that operates across the Asia Pacific region in over 20 cities providing consulting digital services technology solutions and more. We believe in harnessing the power of technology to achieve extraordinary things creating lasting value and impact for our communities partners and people. Our diverse workforce of 13000 has delivered large-scale mission-critical and multi-platform projects for governments and enterprises in Singapore and the APAC region.

Were looking for a DevSecOps Engineer to own the security reliability and delivery of our Azure platform and Kubernetes workloads. Youll be the hands-on technical engineer for secure-by-default infrastructureautomating everything-as-code and partnering with product teams to do deployment and enabling fast shipping of codes without trading off security or resilience.

Responsibilities:
Platform engineering (Azure):

• Build and evolve Azure Landing Zones Management Group hierarchy subscription vending and policy-as-code guardrails using Azure Policy or equivalent tools.

Kubernetes (AKS):

• Design & operate private AKS clusters (Azure CNI/Calico etc) implement Pod Security Standards network policies (Calico/Cilium) workload identity (Entra OIDC/Workload Identity) and secure ingress/egress.

CI/CD & supply chain:

• Standardize pipelines in GitHub Actions / Azure DevOps; enforce SBOM image scanning cosign signing/verification provenance (SLSA-aligned) and immutable deploys (GitOps with Argo CD/Flux).

Identity & secrets:

• Implement Entra ID RBAC & PIM Managed Identities Key Vault / Secrets Store CSI and secret rotation practices.

Observability & IR:

• Establish Azure Monitor / Log Analytics baselines tracing SLOs and actionable alerts; integrate with Microsoft Sentinel; lead incident response and postmortems.

Cloud security posture:

• Drive Defender for Cloud coverage vulnerability management (containers hosts code) and automated remediation.

Networking & data protection:

• Hub-and-spoke or vWAN Private Link/Endpoints Private DNS Firewall/NAT Gateway egress control; encryption at rest & in transit KMS integrations.

Resilience & DR:

• Backups (RSV/Velero) multi-region patterns chaos exercises capacity planning; codify DR runbooks and perform tests.

FinOps & compliance:

• Implement tagging/budgets right-sizing Reservations/Savings Plans; map controls to CIS/NIST/ISO and produce audit evidence from pipelines.

Coaching & enablement:

• Pair with product teams review designs/PRs write reference modules/templates and uplift platform literacy across the org.

Security Hardening:

• Enable hardening for respective components including but not limited to OS hardening Application Hardening Azure Services hardening.

The ideal profile should have

• 7 years in DevOps/SRE/Platform Engineering with 3 years on Azure and 2 years operating Kubernetes in production.
• Proven delivery of Azure Landing Zones or equivalent enterprise Azure foundations expressed asTerraform or Bicep modules.
• Strong with GitHub Actions/Azure DevOps artifacts environments approvals reusable workflows.
• Hands-on with container runtime security & policy: OPA/Gatekeeper or Kyverno Pod Security restricted read-only root FS capability drops seccomp/AppArmor.
• Network security in K8s: NetworkPolicy default-deny ingress controllers (Nginx/AGIC) egress control TLS everywhere mTLS preferred.
• Image lifecycle: private registries (ACR) pull-through caches cosign signing & admission verification Nessus scanning.
• Observability: Azure Monitor/Logs DCRs dashboards SLOs alert routing to ITSM; experience integrating with Sentinel or enterprise SIEM.
• Infra & config as code at scale; linting/testing/policy gates; change automation and drift detection (GitOps).
• Solid Linux fundamentals networking PKI and incident response.

We are driven by our AEIOU beliefsAdventure Excellence Integrity Ownership and Unityand we seek individuals who embody these values in both their professional and personal lives. We are committed to our Impact: Valuing our clients Growing our people and Creating our future.

Together we make the extraordinary happen.

Learn more about us at and visit our LinkedIn career site.